View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 14, 2023

UK critical infrastructure needs better cybersecurity to withstand attacks, says NCSC

The threat posed by Russia and China means UK critical infrastructure defences must be strengthened, the agency says.

By Matthew Gooding

The head of the UK’s cybersecurity watchdog the National Cybersecurity Centre (NCSC) says her organisation has learned a lot about the UK’s ability to withstand cyberattacks from the war in Ukraine, which she describes as the “most sustained and intensive cyber campaign ever”.

The NCSC wants critical infrastructure providers to boost security. (Photo by T Schneider/Shutterstock)

Lindy Cameron’s comments came in the NCSC’s annual report, released today, which also highlights that work is needed to boost the security of the UK’s critical national infrastructure, such as water and power networks, to ensure it is adequately protected from the threat posed by hackers.

Russia’s war in Ukraine has been an intense cyber battle

NCSC CEO Cameron said that improving UK infrastructure’s resilience against cyberattacks was a key priority for her organisation.

She said: “We will continue to improve our understanding of the threats we face and use this knowledge to strengthen resilience in the areas that carry the most risk for the UK, be that across government or to the companies involved in delivering our critical national infrastructure.

Adding that her team had “learned a lot about our resilience in light of the ongoing war between Russia and Ukraine”, she said the conflict “remains the most sustained and intensive cyber campaign ever”.

Cameron added: “As the threat landscape evolves, we will need to measure the impact we can have on resilience, as well as while working with others to maximise our success.”

As reported by Tech Monitor, the Russia-Ukraine war has been characterised by a string of cyberattacks perpetrated by hackers sympathetic to both sides in the conflict. The most common successful attacks have been low-level DDoS breaches, but critical infrastructure has also been a common target.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Last year the UK and its allies in the Five Eyes security alliance flagged the threat posed to infrastructure by Russian hackers, and in September this year, the alliance said a set of hacking tools known as ‘Infamous Chisel’ was being deployed by hacking group Sandworm, working on behalf of Russia’s GRU security force, to hit targets in Ukraine. The same group also managed to cause power cuts in Ukraine by hacking into infrastructure, according to a report last week from Google-owned security vendor Mandiant.

UK must boost critical infrastructure defences

Russia is not the only threat to critical infrastructure, and the report highlights that nation-state-backed cybercriminals from China and North Korea have also launched campaigns against the UK and its allies.

This threat to critical infrastructure is “evolving”, the report says, and it warns: “While we are making progress building resilience in our most critical sectors, we aren’t where we need to be,” the report states. 

“We will continue to work with partners across government, industry and regulators to accelerate this work and keep pace with the changing threat, including tracking their resilience in line with targets set out by the deputy prime minister.”

In April, the government set new security targets for critical infrastructure providers, with a 2025 compliance deadline.

Read more: NCSC and Five Eyes reveal most damaging vulnerabilities

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.